Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
5.3 MEDIUM
CVE-2026-58373 — CVAT < 2.69.0 - Missing Authorization on Quality Reports parent_id Filter Leaks Cross-Org…

CVAT before 2.69.0 contains an improper authorization vulnerability in QualityReportViewSet.get_queryset that allows authenticated attackers to enumerate quality report identifiers belonging to other…

cvat | Remote | Authorization
Jun 30, 2026 Jul 02, 2026
Jun 30, 2026
Jul 02, 2026
8.1 HIGH
CVE-2026-58372 — SeaweedFS < 4.34 - Cross-Bucket Object Deletion via DeleteObjects Request-Body Keys

SeaweedFS before 4.34 contains a path traversal vulnerability in the S3 gateway DeleteMultipleObjectsHandler that allows authenticated S3 principals with write access to a single bucket to delete arb…

seaweedfs | Remote | Path Traversal
Jun 30, 2026 Jul 01, 2026
Jun 30, 2026
Jul 01, 2026
3.1 LOW
CVE-2026-58371 — SeaweedFS < 4.30 - Cross-Origin Information Disclosure via Unvalidated JSONP callback Par…

SeaweedFS before 4.30 reflects the callback query parameter verbatim into responses served with Content-Type application/javascript in the shared writeJson helper (weed/server/common.go), with no cal…

seaweedfs | Remote | Information Disclosure
Jun 30, 2026 Jul 01, 2026
Jun 30, 2026
Jul 01, 2026
9.2 CRITICAL
CVE-2026-58370 — Woodpecker < 3.15.0 - GitLab Approval Gate Bypass via Spoofable Commit Author Name

Woodpecker before 3.15.0 matches the ApprovalAllowedUsers bypass list against pipeline.Author. For the GitLab forge driver, pipeline.Author is populated from the git commit author name (commit.author…

woodpecker | Remote | Authorization
Jun 30, 2026 Jul 02, 2026
Jun 30, 2026
Jul 02, 2026
6.9 MEDIUM
CVE-2026-58369 — Woodpecker < 3.15.0 - Unauthenticated NULL Pointer Dereference in /api/orgs/lookup Enable…

Woodpecker before 3.15.0 registers the /api/orgs/lookup/*org_full_name endpoint without authentication middleware, and the LookupOrg handler unconditionally dereferences the session user (user.ForgeI…

woodpecker | Remote | Authentication
Jun 30, 2026 Jul 01, 2026
Jun 30, 2026
Jul 01, 2026
7.1 HIGH
CVE-2026-58176 — RuoYi-Vue-Plus - Missing Authorization on Workflow Task Management Endpoints

RuoYi-Vue-Plus through 5.6.2, fixed in commit 88d03d9, exposes workflow task management endpoints under /workflow/task (FlwTaskController) without any permission check: the controller declares no cla…

ruoyi-vue-plus | Remote | Authorization
Jun 30, 2026 Jul 02, 2026
Jun 30, 2026
Jul 02, 2026
6.5 MEDIUM
CVE-2026-58174 — Hermes WebUI < 0.51.521 - Cross-Profile Authorization Bypass via Unset Session Profile on…

Hermes WebUI before 0.51.521 validates the workspace of an imported session under the active named profile but constructs the Session object without setting its profile in the /api/session/import han…

hermes_web_ui | Remote | Authorization
Jun 30, 2026 Jul 01, 2026
Jun 30, 2026
Jul 01, 2026
6.5 MEDIUM
CVE-2026-58173 — Vibe-Trading < 0.1.10 - Path Traversal via Persistent Memory Type

Vibe-Trading before 0.1.10 contains a path traversal vulnerability that allows attackers to write files outside the intended memory root directory by supplying a malicious memory_type value containin…

Remote | Path Traversal
Jun 30, 2026 Jul 01, 2026
Jun 30, 2026
Jul 01, 2026
9.3 CRITICAL
CVE-2026-58172 — Ocelot - IP Allow/Block List Bypass for WebSocket Upgrade Requests

Ocelot through 24.1.0, fixed in commit f156fd4, contains a security control bypass vulnerability that allows denied clients to circumvent IP-based access restrictions by sending WebSocket upgrade req…

Remote | Authorization
Jun 30, 2026 Jul 02, 2026
Jun 30, 2026
Jul 02, 2026
4.2 MEDIUM
CVE-2026-58171 — Vibe-Trading < 0.1.10 - Path Traversal via Swarm Run Identifier

Vibe-Trading before 0.1.10 constructs the swarm run directory by joining a caller-supplied run identifier onto the runs base directory without validation in run_dir (agent/src/swarm/store.py). A craf…

Remote | Path Traversal
Jun 30, 2026 Jul 01, 2026
Jun 30, 2026
Jul 01, 2026
8.3 HIGH
CVE-2026-58170 — Vibe-Trading < 0.1.10 - Path Traversal in Proposal Identifier Allows Forging Live Trading…

Vibe-Trading before 0.1.10 builds the proposal file path by joining a caller-supplied proposal identifier onto the broker proposals directory without sanitization (agent/src/live/mandate/commit.py). …

Remote | Path Traversal
Jun 30, 2026 Jul 01, 2026
Jun 30, 2026
Jul 01, 2026
7.7 HIGH
CVE-2026-58169 — Vibe-Trading < 0.1.10 - Loopback Trust and Missing Host Validation Enable DNS-Rebinding A…

Vibe-Trading before 0.1.10 contains a DNS rebinding authentication bypass vulnerability that allows remote attackers to bypass bearer-token authentication by exploiting the server's trust of TCP peer…

Remote | Authentication
Jun 30, 2026 Jul 01, 2026
Jun 30, 2026
Jul 01, 2026
8.8 HIGH
CVE-2026-58168 — DeepTutor < 1.4.10 - Insecure Default Grants Unrestricted MCP Tool Access to Non-Admin Us…

DeepTutor before version 1.4.10 contains an authorization bypass vulnerability that allows low-privilege users to invoke unrestricted MCP tools due to the allowed_mcp_tools function returning None in…

Remote | Authorization
Jun 30, 2026 Jul 02, 2026
Jun 30, 2026
Jul 02, 2026
7.1 HIGH
CVE-2026-58167 — Nightingale < 9.0.0-beta.2 - Datasource Credential Disclosure to Low-Privilege Users

Nightingale (n9e) before 9.0.0-beta.2 exposes full datasource configurations, including plaintext database passwords, HTTP bearer tokens, HTTP basic-auth passwords, and mTLS client keys, to any authe…

Remote | Information Disclosure
Jun 30, 2026 Jul 02, 2026
Jun 30, 2026
Jul 02, 2026
9.1 CRITICAL
CVE-2026-58166 — OpenBMB ChatDev - Unauthenticated Path Traversal in Upload Handler Allows Arbitrary File …

OpenBMB ChatDev through 2.2.0, fixed in commit 4fd4da6, contains a path traversal vulnerability that allows unauthenticated remote attackers to write or delete arbitrary files by supplying a maliciou…

Remote | Path Traversal
Jun 30, 2026 Jul 02, 2026
Jun 30, 2026
Jul 02, 2026
8.8 HIGH
CVE-2026-58165 — OpenZiti - Privilege Escalation to Admin via Unauthorized Enrollment Creation

OpenZiti through 2.0.0, fixed in commit 3027fdf, contains a privilege escalation vulnerability that allows authenticated non-admin identities with fine-grained enrollment management permissions to cr…

Remote | Authorization
Jun 30, 2026 Jul 02, 2026
Jun 30, 2026
Jul 02, 2026
7.5 HIGH
CVE-2026-49451 — Microsoft.OpenAPI: Circular schema references may terminate OpenAPI parsing

The OpenAPI.NET SDK contains a useful object model for OpenAPI documents in .NET along with common serializers to extract raw OpenAPI JSON and YAML documents from the model. From 2.0.0-preview11 unti…

Remote | Misconfiguration
Jun 30, 2026 Jul 02, 2026
Jun 30, 2026
Jul 02, 2026
6.5 MEDIUM
CVE-2026-10655 — Use-after-free race in SNTP async client when closing the socket while the socket service…

The asynchronous SNTP client in Zephyr (subsys/net/lib/sntp/sntp.c, sntp_close_async) closed the UDP socket file descriptor directly from the calling thread immediately after detaching it from the ne…

zephyr zephyr | Race Condition
Jun 30, 2026 Jul 01, 2026
Jun 30, 2026
Jul 01, 2026
3.1 LOW
CVE-2026-10654 — RFCOMM session-disconnect race leaks session/L2CAP and denies further RFCOMM service in Z…

A race condition in the Zephyr Bluetooth Classic RFCOMM host stack (subsys/bluetooth/host/classic/rfcomm.c) mishandles a simultaneous bidirectional session disconnect. When the local device has initi…

zephyr zephyr | Race Condition
Jun 30, 2026 Jul 01, 2026
Jun 30, 2026
Jul 01, 2026
6.4 MEDIUM
CVE-2026-10653 — Non-atomic `net_buf` reference counts cause double-free / free-list corruption under conc…

The Zephyr net_buf library (lib/net_buf/buf.c) manipulated both of its reference counts -- the per-header buf->ref and the per-data-block ref_count at the start of each variable/heap data allocation …

zephyr zephyr | Race Condition
Jun 30, 2026 Jul 01, 2026
Jun 30, 2026
Jul 01, 2026
Showing 20 of 7896 Results